Dear Visitor, we inform you that COSMED (to view legal information of the company click here), as Data Controller, will process the personal data you provide on the websites cosmed.com and store.cosmed.com (hereinafter the SITES) for the purpose of providing COSMED services made available through the SITES, in accordance with the applicable data protection law.
Pursuant to Article 13 and following of the 2016/679 European Union Regulation for the protection of personal data (hereinafter GDPR), COSMED informs the user - who browsers the SITES - about the purposes and methods of processing of his/her personal data. If the user decides to use the services of the SITES, the user will receive Privacy Notice on the processing of data provided in compliance with Article 13 and following of the GDPR. Please note that the Notice is provided exclusively in relation to the data provided for the purpose of consulting the SITES, therefore, it is not made in relation to the consultation of other websites that may be consulted by the user via links.
Data Controller, Data Processor, and authorized personnel
The browser of this site by the user, results in the necessary release of information of the nature of personal data. If the user does not provide such data, the use of the services on the SITES may be impossible. Personal data will be processed by authorized personnel, designated respectively by the Data Controller or by the Data Processors, who operate under their direct authority and instructions received.
The Data Protection Officer
COSMED, having the right to do so by virtue of the types of processing carried out on personal data, has not appointed the Data Protection Officer.
Methods and purpose of the processing
User’s personal data will be processed by means of informatics/telematics tools for purposes strictly necessary to the use of the SITES, as well as for purposes related to them and/or instrumental purposes. The data processing will be performed by means of instruments and by methods with the aim of ensuring the confidentiality and security of the data, in compliance with the provisions of applicable law on data protection.
Legal basis of the data processing
User’s personal data will be processed on the basis of the legitimate interest of the Controller and / or to fulfill a legal obligation. Furthermore, user’s personal data may be processed for specific purposes if user has given a clear and explicit consent related to them.
Methods and times of conservation
The processing of user’s personal data will be carried out in such a way as to ensure adequate security and confidentiality and to prevent unauthorized access or use of both user’s personal data and the tools used to process them. Therefore, personal data will be processed and stored in full compliance with principles of necessity, data minimization and storage limitation, by adopting technical and organizational measures that are appropriate to the level of risk of the processing and no longer than the time that is necessary for the purposes for which the personal data are processed, and in any case for the period established by law.
Types of data processed
The processing relates to the user’s personal data provided on SITES, for the purposes and with the methods already specified.
Furthermore, it is possible that also navigation data could be processed for the following purposes: information systems and software procedures collect personal data whose transmission is implicit in the use of Internet communication protocols, during their normal operation. Information is not collected to be associated with data subjects, but through processing and association with data held by third parties, it could be possible user’s identification. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the user’s operating system and computer environment. These data are only used to obtain anonymous statistical information on the use of the site and to check its proper functioning and are kept for the time defined by the applicable law. The data could be used to determine the liability in the event of suspected computer crimes against the SITES.
Categories of subjects who may become aware of the user's data
In addition, COSMED may also be carried out data processing, as a result of communication, by the companies of the COSMED Group or by any Data Processors, exclusively for the purposes already described. In the latter case, the Data Controller shall give the Data Processors adequate operating instructions, with particular reference to the adoption of security measures, to ensure the confidentiality, integrity, and security of the data. The user's data may also be communicated to the judicial, administrative or other public authority entitled to request them, in the cases provided for by law.
Rights of the data subject
The user has the right to obtain access to the following information from COSMED: purposes of processing, categories of personal data, recipients or categories of recipients to whom personal data have been or will be disclosed, the expected storage period of personal data or, if not possible, the criteria used to determine this period, the origin of personal data, the existence of a profiling process and information on the logics used.
User also has the right to:
- have her/his personal data rectified, if inaccurate;
- have her/his personal data integrated, if incomplete;
- obtain the limitation of personal data processing (in this case, data are processed only with her/his consent, unless for necessary storage of them);
- oppose to the processing of such data;
- obtain the deletion of her/his data ('right to be forgotten');
- obtain the portability of data, or the transmission of her/his personal data by a Controller to another, where technically feasible.